Bugzilla – Bug 1214571
VUL-0: CVE-2022-29654: nasm: buffer overflow vulnerability in quote_for_pmake in asm/nasm.c
Last modified: 2024-04-19 09:00:14 UTC
CVE-2022-29654

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

No upstream fix available.

Note: The above problem was found by running nasm 2.15.05. So the correct notation would be <= 2.15.05.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29654
https://www.cve.org/CVERecord?id=CVE-2022-29654
https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html
https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f
https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/
Created attachment 868990 [details]
Reproducer

# nasm -t -Z/dev/null -g -O0 -o /dev/null -M -f bin ./CVE-2022-29654.poc
Segmentation fault (core dumped)
Note: Do not trust data from unknown sources. Do not assemble/disassemble binaries from unknown sources without a sandbox environment that protects you from possible attacks. In general: This is not a severe issue. It can only be exploited if general security measures and best practices are not followed.
Please see https://bugzilla.suse.com/show_bug.cgi?id=1214499#c4
Closing as WONTFIX as discussed above.